Posted by: David Harley | December 11, 2018

WebKit vulnerability affecting Safari et al

Bleeping Computer: WebKit Vulnerability Affects Latest Versions of Apple Safari

“A researcher published exploit code for a vulnerability in WebKit, the web browser engine that powers Apple’s Safari, along with other apps on macOS, iOS, and Linux.”

David Harley

Posted by: David Harley | December 10, 2018

Apple updates 10th December 2018

Apologies for the continuing silence from this page, due to bereavement and personal illness. I still don’t have much time to give to this project at the moment, but here are a few ‘catch-ups’.

David Harley

Posted by: David Harley | November 17, 2018

Apple and Android updates 17th November 2018

Bleeping Computer: iPhone X, Galaxy S9, Xiaomi Mi6 Fall at Pwn2Own Tokyo – “iPhone X, Samsung Galaxy S9, and Xiaomi Mi6 all fell at the hands of hackers that found bugs in various components and crafted exploits that allowed complete take over of the targeted device.”

for ESET: Google’s data charts path to avoiding malware on Android – “How much higher are the odds that your device will be exposed to malware if you download apps from outside Google Play or if you use one of Android’s older versions? Google has the numbers”

Cyberscoop: Apple’s new security chip kills access to microphone – “In a security pamphlet released after Apple’s press event on Tuesday, the company revealed that the chip will completely cut off access to the device’s microphone when the MacBook lid is shut.”

The Register: Android fans get fat November security patch bundle – if the networks or mobe makers are kind enough to let ’em have it – “And Apple fixes Watch-killing security patch of its own”

Graham Cluley for BitDefender: Yes, you should update your iPhone to iOS 12.1, but its lock screen is *still* unsafe

John E. Dunn for Sophos: Another day, another update, another iPhone lock screen bypass

Sophos: Update now! Apple releases security fixes for iOS, MacOS, Safari, others

Brian Krebs: Busting SIM Swappers and SIM Swap Myths – “KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.”

David Harley

Posted by: David Harley | October 26, 2018

More on the Bloomberg claims

I’ve often taken issue with Cylance (and other so-called next-generation vendors) over its misleading claims about mainstream detection techniques. However, the company has published some discussion among its own researchers regarding Bloomberg’s claims about supply-chain security issues relating to Apple and other big US companies, and several good points are made therein. Worth reading.

Around the Watercooler: Bloomberg “Big Hack” Edition

David Harley

Posted by: David Harley | October 26, 2018

Apple, GrayKey, Google

ZDNet: Apple blocks GrayKey police tech in iOS update – “Reports suggest the data-slurping tool has been rendered useless — but no-one knows how.”

The Register: Apple boss decries ‘data industrial complex’ while pocketing, er, billions to hook Google into iOS – “… “Advancing AI by collecting huge personal profiles is laziness, not efficiency,” he said. “For artificial intelligence to be truly smart, it must respect human values including privacy.” … Apple … sells Google access to iOS customers for $9bn. That’s how much Google is expected to pay Apple this year to be the default search provider on iDevices, according to a Goldman Sachs estimate.”

[added subsequently]

Danny Bradbury for Sophos: Former Facebook security chief calls out Apple for privacy hypocrisy – “Alex Stamos, the former security chief at Facebook, has called out Apple CEO, Tim Cook, for what he sees as the company’s hypocrisy over user privacy.”

David Harley
